Skip to main content
SpringerLink
Log in

Key Filtering in Cube Attacks from the Implementation Aspect

  • Conference paper
  • First Online:
Cryptology and Network Security (CANS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14342))

Included in the following conference series:

  • 293 Accesses

Abstract

In cube attacks, key filtering is a basic step of identifying the correct key candidates by referring to the truth tables of superpolies. When terms of superpolies get massive, the truth table lookup complexity of key filtering increases significantly. In this paper, we propose the concept of implementation dependency dividing all cube attacks into two categories: implementation dependent and implementation independent. The implementation dependent cube attacks can only be feasible when the assumption that one encryption oracle query is more complicated than one table lookup holds. On the contrary, implementation independent cube attacks remain feasible in the extreme case where encryption oracles are implemented in the full codebook manner making one encryption query equivalent to one table lookup. From this point of view, we scrutinize existing cube attack results of stream ciphers Trivium, Grain-128AEAD, Acorn and Kreyvium. As a result, many of them turn out to be implementation dependent. Combining with the degree evaluation and divide-and-conquer techniques used for superpoly recovery, we further propose new cube attack results on Kreyvium reduced to 898, 899 and 900 rounds. Such new results not only mount to the maximal number of rounds so far but also are implementation independent.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. De Cannière, C., Preneel, B.: Trivium. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 244–266. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_18

    Chapter  Google Scholar 

  2. Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_16

    Chapter  Google Scholar 

  3. eSTREAM: the ECRYPT stream cipher project (2018). https://www.ecrypt.eu.org/stream/. Accessed 23 Mar 2021

  4. Hadipour, H., Eichlseder, M.: Autoguess: a tool for finding guess-and-determine attacks and key bridges. In: Ateniese, G., Venturi, D. (eds.) ACNS 22. LNCS, vol. 13269, pp. 230–250. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-09234-3_12

    Chapter  Google Scholar 

  5. Hadipour, H., Eichlseder, M.: Integral cryptanalysis of WARP based on monomial prediction. IACR Trans. Symmetric Cryptol. 2022(2), 92–112 (2022). https://doi.org/10.46586/tosc.v2022.i2.92-112

    Article  Google Scholar 

  6. Hao, Y., Leander, G., Meier, W., Todo, Y., Wang, Q.: Modeling for three-subset division property without unknown subset. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 466–495. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_17

    Chapter  Google Scholar 

  7. He, J., Hu, K., Preneel, B., Wang, M.: Stretching cube attacks: improved methods to recover massive superpolies. In: ASIACRYPT 2022, Part IV. LNCS, vol. 13794, pp. 537–566. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22972-5_19

    Chapter  Google Scholar 

  8. Hebborn, P., Lambin, B., Leander, G., Todo, Y.: Lower bounds on the degree of block ciphers. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part I. LNCS, vol. 12491, pp. 537–566. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-030-64837-4_18

    Chapter  Google Scholar 

  9. Hu, K., Sun, S., Todo, Y., Wang, M., Wang, Q.: Massive superpoly recovery with nested monomial predictions. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part I. LNCS, vol. 13090, pp. 392–421. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-92062-3_14

    Chapter  Google Scholar 

  10. Hu, K., Sun, S., Wang, M., Wang, Q.: An algebraic formulation of the division property: revisiting degree evaluations, cube attacks, and key-independent sums. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 446–476. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_15

    Chapter  Google Scholar 

  11. ISO/IEC: 29192–3:2012: Information technology - Security techniques - Lightweight cryptography - part 3: Stream ciphers. https://www.iso.org/standard/56426.html

  12. Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34704-7_5

    Chapter  Google Scholar 

  13. Mroczkowski, P., Szmidt, J.: The cube attack on stream cipher trivium and quadraticity tests. Fundam. Inform. 114(3–4), 309–318 (2012). https://doi.org/10.3233/FI-2012-631

    Article  MathSciNet  Google Scholar 

  14. Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 158–178. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_9

    Chapter  Google Scholar 

  15. Sun, Y.: Cube attack against 843-round trivium. Cryptology ePrint Archive, Report 2021/547 (2021). https://eprint.iacr.org/2021/547

  16. Todo, Y.: Integral cryptanalysis on full MISTY1. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 413–432. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_20

    Chapter  Google Scholar 

  17. Todo, Y.: Structural evaluation by generalized integral property. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 287–314. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_12

    Chapter  Google Scholar 

  18. Todo, Y., Isobe, T., Hao, Y., Meier, W.: Cube attacks on non-blackbox polynomials based on division property. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 250–279. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_9

    Chapter  Google Scholar 

  19. Todo, Y., Morii, M.: Bit-based division property and application to Simon family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357–377. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-52993-5_18

    Chapter  Google Scholar 

  20. Wang, Q., Hao, Y., Todo, Y., Li, C., Isobe, T., Meier, W.: Improved division property based cube attacks exploiting algebraic properties of superpoly. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 275–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_10

    Chapter  Google Scholar 

  21. Wang, S., Hu, B., Guan, J., Zhang, K., Shi, T.: MILP-aided method of searching division property using three subsets and applications. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 398–427. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_14

    Chapter  Google Scholar 

  22. Xiang, Z., Zhang, W., Bao, Z., Lin, D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 648–678. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_24

    Chapter  Google Scholar 

  23. Ye, C.D., Tian, T.: Revisit division property based cube attacks: key-recovery or distinguishing attacks? IACR Trans. Symm. Cryptol. 2019(3), 81–102 (2019). https://doi.org/10.13154/tosc.v2019.i3.81-102

    Article  Google Scholar 

  24. Ye, C.D., Tian, T.: Algebraic method to recover superpolies in cube attacks. IET Inf. Secur. 14(4), 430–441 (2020)

    Article  Google Scholar 

Download references

Acknowledgments

The authors thank all reviewers for their suggestions. This work is supported by the National Key Research and Development Program of China (Grant No. 2022YFA1004900), and by the National Natural Science Foundation of China (Grant No. 62002024, 62202062).

Author information

Authors and Affiliations

  1. School of Cyber Science and Technology, Shandong University, Qingdao, China

    Hao Fan

  2. State Key Laboratory of Cryptology, Beijing, 100878, China

    Yonglin Hao, Xinxin Gong & Lin Jiao

  3. Telecom Paris, Institut Polytechnique de Paris, Paris, France

    Qingju Wang

Authors
  1. Hao Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yonglin Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qingju Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xinxin Gong
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Lin Jiao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yonglin Hao .

Editor information

Editors and Affiliations

  1. University of North Carolina, Greensboro, NC, USA

    Jing Deng

  2. Georgia Institute of Technology, Atlanta, GA, USA

    Vladimir Kolesnikov

  3. Augusta University, Augusta, GA, USA

    Alexander A. Schwarzmann

Appendices

Appendix

A Details of Our Attacks on Kreyvium

1.1 A.1 Degree Evaluations of 899-Round Kreyvium

Table 2. The upper bound degree \(\deg (p_{I_\lambda })\) of superpolies \(p_{I_\lambda }\) for 899-round Kreyvium, with cube dimension 127.
Full size table

1.2 A.2 The ANFs of Superpolies Corresponding to Attacks on 898- And 900-Round Kreyvium

For \(I_1=[0,127]\backslash \{38,86\}\), the superpoly \(p_{I_1}(\boldsymbol{x}, \boldsymbol{0})\) for 898-round Kreyvium is as Eq. (7)

$$\begin{aligned} & \quad p_{I_1}(\boldsymbol{x}, \boldsymbol{0})= x_{12} +x_{20} +x_{21} +x_{20}x_{21} +x_{23} +x_{31} +x_{36} +x_{11}x_{36} +x_{12}x_{36} +x_{26}x_{36} \nonumber \\ & +x_{37} +x_{11}x_{37} +x_{12}x_{37} +x_{26}x_{37} +x_{38} +x_{11}x_{38} +x_{12}x_{38} +x_{26}x_{38} +x_{36}x_{38} \nonumber \\ & +x_{37}x_{38} +x_{41} +x_{45} +x_{45}x_{46} +x_{47} +x_{46}x_{47} +x_{48} +x_{47}x_{48} +x_{49} +x_{48}x_{49} +x_{50} \nonumber \\ & +x_{11}x_{55} +x_{12}x_{55} +x_{26}x_{55} +x_{38}x_{55} +x_{56} +x_{11}x_{56} +x_{12}x_{56} +x_{26}x_{56} +x_{38}x_{56} \nonumber \\ & +x_{57} +x_{58} +x_{59} +x_{64}x_{65} +x_{66} +x_{67} +x_{66}x_{67} +x_{68} +x_{36}x_{70} +x_{37}x_{70} +x_{38}x_{70} \nonumber \\ & +x_{55}x_{70} +x_{56}x_{70} +x_{71} +x_{36}x_{71} +x_{37}x_{71} +x_{38}x_{71} +x_{55}x_{71} +x_{56}x_{71} +x_{80}x_{81} \nonumber \\ & +x_{11}x_{80}x_{81} +x_{12}x_{80}x_{81} +x_{26}x_{80}x_{81} +x_{38}x_{80}x_{81} +x_{70}x_{80}x_{81} +x_{71}x_{80}x_{81} +x_{82} \nonumber \\ & +x_{11}x_{82} +x_{12}x_{82} +x_{26}x_{82} +x_{38}x_{82} +x_{70}x_{82} +x_{71}x_{82} +x_{81}x_{82} +x_{11}x_{81}x_{82} \nonumber \\ & +x_{12}x_{81}x_{82} +x_{26}x_{81}x_{82} +x_{38}x_{81}x_{82} +x_{70}x_{81}x_{82} +x_{71}x_{81}x_{82} +x_{83} +x_{11}x_{83} \nonumber \\ & +x_{12}x_{83} +x_{26}x_{83} +x_{38}x_{83} +x_{70}x_{83} +x_{71}x_{83} +x_{83}x_{84} +x_{85} +x_{84}x_{85} +x_{87} +x_{90} \nonumber \\ & +x_{89}x_{90} +x_{91} +x_{95} +x_{11}x_{95} +x_{12}x_{95} +x_{26}x_{95} +x_{38}x_{95} +x_{70}x_{95} +x_{71}x_{95} +x_{96} \nonumber \\ & +x_{11}x_{96} +x_{12}x_{96} +x_{26}x_{96} +x_{38}x_{96} +x_{70}x_{96} +x_{71}x_{96} +x_{97} +x_{11}x_{97} +x_{12}x_{97} \nonumber \\ & +x_{26}x_{97} +x_{36}x_{97} +x_{37}x_{97} +x_{55}x_{97} +x_{56}x_{97} +x_{70}x_{97} +x_{71}x_{97} +x_{80}x_{81}x_{97} \nonumber \\ & +x_{82}x_{97} +x_{81}x_{82}x_{97} +x_{83}x_{97} +x_{95}x_{97} +x_{96}x_{97} +x_{98} +x_{114} +x_{123} +x_{126}. \end{aligned}$$
(7)

For \(I=[0,127]\backslash \{38,86\}\), the superpoly \(p_I(\boldsymbol{x}, \boldsymbol{0})\) for 900-round Kreyvium is as Eq. (8).

$$\begin{aligned} & \quad p_I(\boldsymbol{x}, \boldsymbol{0})= x_{125}+ x_{122}+ x_{121}+ x_{116}+ x_{113}x_{124}+ x_{112}+ x_{111}+ x_{111}x_{112}x_{124}+ \\ & x_{110}x_{124}+ x_{110}x_{111}x_{124}+ x_{106}+ x_{105}x_{124}+ x_{104}+ x_{103}+ x_{101}+ x_{98}x_{125}+ x_{98}x_{113}+ \\ & x_{98}x_{111}x_{112}+ x_{98}x_{110}+ x_{98}x_{110}x_{111}+ x_{98}x_{105}+ x_{97}x_{124}+ x_{97}x_{98}+ x_{96}+ x_{96}x_{120}+ \\ & x_{96}x_{97}+ x_{95}+ x_{95}x_{123}+ x_{94}+ x_{92}+ x_{92}x_{124}+ x_{92}x_{98}+ x_{91}x_{124}+ x_{91}x_{98}+ x_{90}+ \\ & x_{90}x_{91}+ x_{90}x_{91}x_{124}+ x_{90}x_{91}x_{98}+ x_{89}x_{121}+ x_{89}x_{97}+ x_{89}x_{96}+ x_{89}x_{90}+ x_{89}x_{90}x_{124}+ \\ & x_{89}x_{90}x_{98}+ x_{88}+ x_{87}+ x_{87}x_{88}+ x_{87}x_{88}x_{121}+ x_{87}x_{88}x_{97}+ x_{87}x_{88}x_{96}+ x_{87}x_{88}x_{95}+ \\ & x_{86}+ x_{86}x_{124}+ x_{86}x_{98}+ x_{85}+ x_{85}x_{124}+ x_{85}x_{98}+ x_{84}+ x_{83}+ x_{82}x_{91}+ x_{82}x_{89}x_{90}+ \\ & x_{80}x_{81}x_{98}+ x_{80}x_{81}x_{91}+ x_{80}x_{81}x_{89}x_{90}+ x_{80}x_{81}x_{83}+ x_{80}x_{81}x_{82}+ x_{79}x_{124}+ x_{79}x_{98}+ \\ & x_{79}x_{89}+ x_{79}x_{88}+ x_{79}x_{87}x_{88}+ x_{79}x_{80}+ x_{78}x_{89}+ x_{77}x_{124}+ x_{77}x_{98}+ x_{77}x_{78}+ \\ & x_{77}x_{78}x_{124}+ x_{77}x_{78}x_{98}+ x_{77}x_{78}x_{89}+ x_{77}x_{78}x_{87}x_{88}+ x_{76}x_{124}+ x_{76}x_{98}+ x_{76}x_{77}+ \\ & x_{75}x_{76}+ x_{75}x_{76}x_{78}+ x_{75}x_{76}x_{77}+ x_{73}+ x_{72}+ x_{72}x_{73}+ x_{70}+ x_{70}x_{89}+ x_{70}x_{87}x_{88}+ \\ & x_{70}x_{82}+ x_{70}x_{80}x_{81}+ x_{68}x_{125}+ x_{68}x_{124}+ x_{68}x_{121}+ x_{68}x_{113}x_{124}+ x_{68}x_{111}x_{112}x_{124}+ \\ & x_{68}x_{110}x_{124}+ x_{68}x_{110}x_{111}x_{124}+ x_{68}x_{105}x_{124}+ x_{68}x_{98}x_{125}+ x_{68}x_{98}x_{113}+ \\ & x_{68}x_{98}x_{111}x_{112}+ x_{68}x_{98}x_{110}+ x_{68}x_{98}x_{110}x_{111}+ x_{68}x_{98}x_{105}+ x_{68}x_{97}+ x_{68}x_{92}x_{124}+ \\ & x_{68}x_{92}x_{98}+ x_{68}x_{91}x_{124}+ x_{68}x_{91}x_{98}+ x_{68}x_{90}x_{91}x_{124}+ x_{68}x_{90}x_{91}x_{98}+ \\ & x_{68}x_{89}x_{90}x_{124}+ x_{68}x_{89}x_{90}x_{98}+ x_{68}x_{86}x_{124}+ x_{68}x_{86}x_{98}+ x_{68}x_{85}x_{124}+ x_{68}x_{85}x_{98}+ \\ & x_{68}x_{80}+ x_{68}x_{77}x_{124}+ x_{68}x_{77}x_{98}+ x_{68}x_{76}x_{124}+ x_{68}x_{76}x_{98}+ x_{67}x_{68}+ x_{66}+ x_{66}x_{98}+ \\ & x_{66}x_{91}+ x_{66}x_{89}x_{90}+ x_{66}x_{88}+ x_{66}x_{70}+ x_{66}x_{68}+ x_{66}x_{68}x_{98}+ x_{65}x_{124}+ x_{65}x_{113}+ \\ & x_{65}x_{111}x_{112}+ x_{65}x_{110}+ x_{65}x_{110}x_{111}+ x_{65}x_{105}+ x_{65}x_{98}+ x_{65}x_{97}+ x_{65}x_{92}+ x_{65}x_{91}+ \\ & x_{65}x_{90}x_{91}+ x_{65}x_{89}x_{90}+ x_{65}x_{85}+ x_{65}x_{79}+ x_{65}x_{77}+ x_{65}x_{77}x_{78}+ x_{65}x_{76}+ x_{65}x_{70}+ \\ & x_{65}x_{68}x_{124}+ x_{65}x_{68}x_{113}+ x_{65}x_{68}x_{111}x_{112}+ x_{65}x_{68}x_{110}+ x_{65}x_{68}x_{110}x_{111}+ \\ & x_{65}x_{68}x_{105}+ x_{65}x_{68}x_{98}+ x_{65}x_{68}x_{92}+ x_{65}x_{68}x_{91}+ x_{65}x_{68}x_{90}x_{91}+ x_{65}x_{68}x_{89}x_{90}+ \\ & x_{65}x_{68}x_{86}+ x_{65}x_{68}x_{85}+ x_{65}x_{68}x_{77}+ x_{65}x_{68}x_{76}+ x_{64}x_{124}+ x_{64}x_{98}+ x_{64}x_{95}+ \\ & x_{64}x_{82}+ x_{64}x_{80}x_{81}+ x_{64}x_{68}x_{124}+ x_{64}x_{68}x_{98}+ x_{64}x_{66}+ x_{64}x_{65}x_{91}+ x_{64}x_{65}x_{89}x_{90}+ \\ & x_{64}x_{65}x_{88}+ x_{64}x_{65}x_{70}+ x_{64}x_{65}x_{68}+ x_{63}+ x_{63}x_{124}+ x_{63}x_{98}+ x_{63}x_{68}x_{124}+ \\ & x_{63}x_{68}x_{98}+ x_{63}x_{65}+ x_{63}x_{65}x_{68}+ x_{63}x_{64}x_{86}+ x_{63}x_{64}x_{70}+ x_{63}x_{64}x_{66}+ x_{63}x_{64}x_{65}+ \\ & x_{62}+ x_{62}x_{124}+ x_{62}x_{121}+ x_{62}x_{98}+ x_{62}x_{97}+ x_{62}x_{96}+ x_{62}x_{95}+ x_{62}x_{89}+ x_{62}x_{87}x_{88}+ \\ & x_{62}x_{79}+ x_{62}x_{77}x_{78}+ x_{62}x_{70}+ x_{62}x_{68}+ x_{62}x_{68}x_{124}+ x_{62}x_{68}x_{98}+ x_{62}x_{65}+ \\ & x_{62}x_{65}x_{68}+ x_{62}x_{63}+ x_{61}x_{96}+ x_{61}x_{62}x_{124}+ x_{61}x_{62}x_{98}+ x_{61}x_{62}x_{68}x_{124}+ \\ & x_{61}x_{62}x_{68}x_{98}+ x_{61}x_{62}x_{65}+ x_{61}x_{62}x_{65}x_{68}+ x_{60}+ x_{60}x_{61}x_{124}+ x_{60}x_{61}x_{98}+ \\ & x_{60}x_{61}x_{68}x_{124}+ x_{60}x_{61}x_{68}x_{98}+ x_{60}x_{61}x_{65}+ x_{60}x_{61}x_{65}x_{68}+ x_{58}x_{59}+ x_{56}x_{98}+ \\ & x_{56}x_{82}+ x_{56}x_{80}x_{81}+ x_{56}x_{68}+ x_{56}x_{68}x_{98}+ x_{55}+ x_{55}x_{113}+ x_{55}x_{111}x_{112}+ x_{55}x_{110}+ \\ & x_{55}x_{110}x_{111}+ x_{55}x_{105}+ x_{55}x_{98}+ x_{55}x_{97}+ x_{55}x_{92}+ x_{55}x_{90}x_{91}+ x_{55}x_{86}+ x_{55}x_{85}+ \\ & x_{55}x_{83}+ x_{55}x_{81}x_{82}+ x_{55}x_{79}+ x_{55}x_{77}+ x_{55}x_{77}x_{78}+ x_{55}x_{76}+ x_{55}x_{70}+ x_{55}x_{68}+ \\ & x_{55}x_{68}x_{113}+ x_{55}x_{68}x_{111}x_{112}+ x_{55}x_{68}x_{110}+ x_{55}x_{68}x_{110}x_{111}+ x_{55}x_{68}x_{105}+ \end{aligned}$$
$$\begin{aligned} & x_{55}x_{68}x_{92}+ x_{55}x_{68}x_{91}+ x_{55}x_{68}x_{90}x_{91}+ x_{55}x_{68}x_{89}x_{90}+ x_{55}x_{68}x_{86}+ x_{55}x_{68}x_{85}+ \\ & x_{55}x_{68}x_{77}+ x_{55}x_{68}x_{76}+ x_{55}x_{65}+ x_{55}x_{65}x_{68}+ x_{55}x_{64}x_{68}+ x_{55}x_{63}+ x_{55}x_{63}x_{68}+ \\ & x_{55}x_{62}+ x_{55}x_{62}x_{68}+ x_{55}x_{61}x_{62}+ x_{55}x_{61}x_{62}x_{68}+ x_{55}x_{60}x_{61}+ x_{55}x_{60}x_{61}x_{68}+ \\ & x_{55}x_{56}+ x_{54}+ x_{54}x_{124}+ x_{54}x_{98}+ x_{54}x_{68}x_{124}+ x_{54}x_{68}x_{98}+ x_{54}x_{65}+ x_{54}x_{65}x_{68}+ \\ & x_{54}x_{55}+ x_{54}x_{55}x_{68}+ x_{53}+ x_{53}x_{111}x_{124}+ x_{53}x_{98}x_{111}+ x_{53}x_{68}x_{111}x_{124}+ \\ & x_{53}x_{68}x_{98}x_{111}+ x_{53}x_{65}x_{111}+ x_{53}x_{65}x_{68}x_{111}+ x_{53}x_{55}x_{111}+ x_{53}x_{55}x_{68}x_{111}+ x_{52}+ \\ & x_{52}x_{124}+ x_{52}x_{112}x_{124}+ x_{52}x_{110}x_{124}+ x_{52}x_{98}+ x_{52}x_{98}x_{112}+ x_{52}x_{98}x_{110}+ x_{52}x_{68}+ \\ & x_{52}x_{68}x_{112}x_{124}+ x_{52}x_{68}x_{110}x_{124}+ x_{52}x_{68}x_{98}x_{112}+ x_{52}x_{68}x_{98}x_{110}+ x_{52}x_{65}+ \\ & x_{52}x_{65}x_{112}+ x_{52}x_{65}x_{110}+ x_{52}x_{65}x_{68}x_{112}+ x_{52}x_{65}x_{68}x_{110}+ x_{52}x_{55}+ x_{52}x_{55}x_{112}+ \\ & x_{52}x_{55}x_{110}+ x_{52}x_{55}x_{68}x_{112}+ x_{52}x_{55}x_{68}x_{110}+ x_{52}x_{53}x_{124}+ x_{52}x_{53}x_{98}+ \\ & x_{52}x_{53}x_{68}x_{124}+ x_{52}x_{53}x_{68}x_{98}+ x_{52}x_{53}x_{65}+ x_{52}x_{53}x_{65}x_{68}+ x_{52}x_{53}x_{55}+ \\ & x_{52}x_{53}x_{55}x_{68}+ x_{51}x_{124}+ x_{51}x_{111}x_{124}+ x_{51}x_{98}+ x_{51}x_{98}x_{111}+ x_{51}x_{96}+ x_{51}x_{77}+ \\ & x_{51}x_{75}x_{76}+ x_{51}x_{68}x_{124}+ x_{51}x_{68}x _{111}x_{124}+ x_{51}x_{68}x_{98}+ x_{51}x_{68}x_{98}x_{111}+ x_{51}x_{65}+ \\ & x_{51}x_{65}x_{111}+ x_{51}x_{65}x_{68}+ x_{51}x_{65}x_{68}x_{111}+ x_{51}x_{55}+ x_{51}x_{55}x_{111}+ x_{51}x_{55}x_{68}+ \\ & x_{51}x_{55}x_{68}x_{111}+ x_{51}x_{52}x_{124}+ x_{51}x_{52}x_{98}+ x_{51}x_{52}x_{68}x_{124}+ x_{51}x_{52}x_{68}x_{98}+ \\ & x_{51}x_{52}x_{65}+ x_{51}x_{52}x_{65}x_{68}+ x_{51}x_{52}x_{55}+ x_{51}x_{52}x_{55}x_{68}+ x_{50}+ x_{50}x_{78}+ x_{50}x_{76}x_{77}+ \\ & x_{49}+ x_{48}+ x_{47}x_{48}+ x_{46}x_{124}+ x_{46}x_{98}+ x_{46}x_{68}x_{124}+ x_{46}x_{68}x_{98}+ x_{46}x_{65}+ \\ & x_{46}x_{65}x_{68}+ x_{46}x_{55}+ x_{46}x_{55}x_{68}+ x_{46}x_{47}+ x_{45}+ x_{44}+ x_{42}+ x_{40}+ x_{39}+ x_{39}x_{125}+ \\ & x_{39}x_{113}+ x_{39}x_{111}x_{112}+ x_{39}x_{110}+ x_{39}x_{110}x_{111}+ x_{39}x_{105}+ x_{39}x_{97}+ x_{39}x_{92}+ \\ & x_{39}x_{90}x_{91}+ x_{39}x_{88}+ x_{39}x_{86}+ x_{39}x_{85}+ x_{39}x_{80}x_{81}+ x_{39}x_{79}+ x_{39}x_{77}+ x_{39}x_{77}x_{78}+ \\ & x_{39}x_{76}+ x_{39}x_{70}+ x_{39}x_{68}x_{125}+ x_{39}x_{68}x_{113}+ x_{39}x_{68}x_{111}x_{112}+ x_{39}x_{68}x_{110}+ \\ & x_{39}x_{68}x_{110}x_{111}+ x_{39}x_{68}x_{105}+ x_{39}x_{68}x_{92}+ x_{39}x_{68}x_{91}+ x_{39}x_{68}x_{90}x_{91}+ \\ & x_{39}x_{68}x_{89}x_{90}+ x_{39}x_{68}x_{86}+ x_{39}x_{68}x_{85}+ x_{39}x_{68}x_{77}+ x_{39}x_{68}x_{76}+ x_{39}x_{66}+ \\ & x_{39}x_{66}x_{68}+ x_{39}x_{65}x_{68}+ x_{39}x_{64}x_{68}+ x_{39}x_{63}+ x_{39}x_{63}x_{68}+ x_{39}x_{63}x_{64}+ x_{39}x_{62}+ \\ & x_{39}x_{62}x_{68}+ x_{39}x_{61}x_{62}+ x_{39}x_{61}x_{62}x_{68}+ x_{39}x_{60}x_{61}+ x_{39}x_{60}x_{61}x_{68}+ x_{39}x_{56}+ \\ & x_{39}x_{56}x_{68}+ x_{39}x_{55}+ x_{39}x_{54}+ x_{39}x_{54}x_{68}+ x_{39}x_{53}x_{111}+ x_{39}x_{53}x_{68}x_{111}+ x_{39}x_{52}+ \\ & x_{39}x_{52}x_{112}+ x_{39}x_{52}x_{110}+ x_{39}x_{52}x_{68}x_{112}+ x_{39}x_{52}x_{68}x_{110}+ x_{39}x_{52}x_{53}+ \\ & x_{39}x_{52}x_{53}x_{68}+ x_{39}x_{51}+ x_{39}x_{51}x_{111}+ x_{39}x_{51}x_{68}+ x_{39}x_{51}x_{68}x_{111}+ x_{39}x_{51}x_{52}+ \\ & x_{39}x_{51}x_{52}x_{68}+ x_{39}x_{46}+ x_{39}x_{46}x_{68}+ x_{38}x_{124}+ x_{38}x_{98}+ x_{38}x_{96}+ x_{38}x_{89}+ \\ & x_{38}x_{87}x_{88}+ x_{38}x_{86}+ x_{38}x_{70}+ x_{38}x_{68}+ x_{38}x_{66}+ x_{38}x_{65}+ x_{38}x_{64}x_{65}+ x_{38}x_{62}+ \\ & x_{38}x_{55}+ x_{37}x_{120}+ x_{37}x_{97}+ x_{37}x_{89}+ x_{37}x_{87}x_{88}+ x_{37}x_{62}+ x_{37}x_{61}+ x_{37}x_{51}+ \\ & x_{37}x_{38}+ x_{36}+ x_{36}x_{123}+ x_{36}x_{87}x_{88}+ x_{36}x_{64}+ x_{36}x_{62}+ x_{35}x_{124}+ x_{35}x_{98}+ \\ & x_{35}x_{68}x_{124}+ x_{35}x_{68}x_{98}+ x_{35}x_{65}+ x_{35}x_{65}x_{68}+ x_{35}x_{55}+ x_{35}x_{55}x_{68}+ x_{35}x_{39}+ \\ & x_{35}x_{39}x_{68}+ x_{34}+ x_{33}+ x_{32}+ x_{31}+ x_{30}x_{95}+ x_{30}x_{78}+ x_{30}x_{36}+ x_{29}x_{79}+ x_{29}x_{66}+ \\ & x_{29}x_{64}x_{65}+ x_{29}x_{39}+ x_{28}+ x_{27}+ x_{27}x_{124}+ x_{27}x_{98}+ x_{27}x_{68}x_{124}+ x_{27}x_{68}x_{98}+ \end{aligned}$$
$$\begin{aligned} & x_{27}x_{65}x_{68}+ x_{27}x_{63}x_{64}+ x_{27}x_{55}+ x_{27}x_{55}x_{68}+ x_{27}x_{39}+ x_{27}x_{39}x_{68}+ x_{27}x_{38}+ x_{26}+ \\ & x_{26}x_{124}+ x_{26}x_{98}+ x_{26}x_{68}x_{124}+ x_{26}x_{68}x_{98}+ x_{26}x_{65}+ x_{26}x_{65}x_{68}+ x_{26}x_{55}+ \\ & x_{26}x_{55}x_{68}+ x_{26}x_{39}+ x_{26}x_{39}x_{68}+ x_{25}+ x_{23}+ x_{23}x_{98}+ x_{23}x_{39}+ x_{22}+ x_{21}+ x_{21}x_{68}+ \\ & x_{20}x_{95}+ x_{20}x_{88}+ x_{20}x_{78}+ x_{20}x_{36}+ x_{20}x_{29}+ x_{19}x_{89}+ x_{19}x_{30}+ x_{19}x_{20}+ x_{18}x_{124}+ \\ & x_{18}x_{98}+ x_{18}x_{68}x_{124}+ x_{18}x_{68}x_{98}+ x_{18}x_{65}+ x_{18}x_{65}x_{68}+ x_{18}x_{55}+ x_{18}x_{55}x_{68}+ \\ & x_{18}x_{39}+ x_{18}x_{39}x_{68}+ x_{17}x_{124}+ x_{17}x_{98}+ x_{17}x_{68}x_{124}+ x_{17}x_{68}x_{98}+ x_{17}x_{65}+ \\ & x_{17}x_{65}x_{68}+ x_{17}x_{55}+ x_{17}x_{55}x_{68}+ x_{17}x_{39}+ x_{17}x_{39}x_{68}+ x_{15}+ x_{14}+ x_{13}+ x_{11}x_{89}+ \\ & x_{11}x_{87}x_{88}+ x_{11}x_{82}+ x_{11}x_{80}x_{81}+ x_{11}x_{68}+ x_{11}x_{66}+ x_{11}x_{65}+ x_{11}x_{64}x_{65}+ \\ & x_{11}x_{63}x_{64}+ x_{11}x_{62}+ x_{11}x_{55}+ x_{11}x_{39}+ x_{11}x_{38}+ x_{10}x_{88}+ x_{10}x_{29}+ x_{9}x_{125}+ x_{9}x_{124}+ \\ & x_{9}x_{121}+ x_{9}x_{113}x_{124}+ x_{9}x_{111}x_{112}x_{124}+ x_{9}x_{110}x_{124}+ x_{9}x_{110}x_{111}x_{124}+ x_{9}x_{105}x_{124}+ \\ & x_{9}x_{98}x_{125}+ x_{9}x_{98}x_{113}+ x_{9}x_{98}x_{111}x_{112}+ x_{9}x_{98}x_{110}+ x_{9}x_{98}x_{110}x_{111}+ x_{9}x_{98}x_{105}+ \\ & x_{9}x_{97}+ x_{9}x_{92}x_{124}+ x_{9}x_{92}x_{98}+ x_{9}x_{91}x_{124}+ x_{9}x_{91}x_{98}+ x_{9}x_{90}x_{91}x_{124}+ \\ & x_{9}x_{90}x_{91}x_{98}+ x_{9}x_{89}+ x_{9}x_{89}x_{90}x_{124}+ x_{9}x_{89}x_{90}x_{98}+ x_{9}x_{86}x_{124}+ x_{9}x_{86}x_{98}+ \\ & x_{9}x_{85}x_{124}+ x_{9}x_{85}x_{98}+ x_{9}x_{80}+ x_{9}x_{77}x_{124}+ x_{9}x_{77}x_{98}+ x_{9}x_{76}x_{124}+ x_{9}x_{76}x_{98}+ \\ & x_{9}x_{66}+ x_{9}x_{66}x_{98}+ x_{9}x_{65}x_{124}+ x_{9}x_{65}x_{113}+ x_{9}x_{65}x_{111}x_{112}+ x_{9}x_{65}x_{110}+ \\ & x_{9}x_{65}x_{110}x_{111}+ x_{9}x_{65}x_{105}+ x_{9}x_{65}x_{98}+ x_{9}x_{65}x_{92}+ x_{9}x_{65}x_{91}+ x_{9}x_{65}x_{90}x_{91}+ \\ & x_{9}x_{65}x_{89}x_{90}+ x_{9}x_{65}x_{86}+ x_{9}x_{65}x_{85}+ x_{9}x_{65}x_{77}+ x_{9}x_{65}x_{76}+ x_{9}x_{64}x_{124}+ x_{9}x_{64}x_{98}+ \\ & x_{9}x_{64}x_{65}+ x_{9}x_{63}x_{124}+ x_{9}x_{63}x_{98}+ x_{9}x_{63}x_{65}+ x_{9}x_{62}+ x_{9}x_{62}x_{124}+ x_{9}x_{62}x_{98}+ \\ & x_{9}x_{62}x_{65}+ x_{9}x_{61}x_{62}x_{124}+ x_{9}x_{61}x_{62}x_{98}+ x_{9}x_{61}x_{62}x_{65}+ x_{9}x_{60}x_{61}x_{124}+ \\ & x_{9}x_{60}x_{61}x_{98}+ x_{9}x_{60}x_{61}x_{65}+ x_{9}x_{56}+ x_{9}x_{56}x_{98}+ x_{9}x_{55}+ x_{9}x_{55}x_{113}+ \end{aligned}$$
$$\begin{aligned} & x_{9}x_{55}x_{111}x_{112}+ x_{9}x_{55}x_{110}+ x_{9}x_{55}x_{110}x_{111}+ x_{9}x_{55}x_{105}+ x_{9}x_{55}x_{92}+ x_{9}x_{55}x_{91}+ \nonumber \\ & x_{9}x_{55}x_{90}x_{91}+ x_{9}x_{55}x_{89}x_{90}+ x_{9}x_{55}x_{86}+ x_{9}x_{55}x_{85}+ x_{9}x_{55}x_{77}+ x_{9}x_{55}x_{76}+ \nonumber \\ & x_{9}x_{55}x_{65}+ x_{9}x_{55}x_{64}+ x_{9}x_{55}x_{63}+ x_{9}x_{55}x_{62}+ x_{9}x_{55}x_{61}x_{62}+ x_{9}x_{55}x_{60}x_{61}+ \nonumber \\ & x_{9}x_{54}x_{124}+ x_{9}x_{54}x_{98}+ x_{9}x_{54}x_{65}+ x_{9}x_{54}x_{55}+ x_{9}x_{53}x_{111}x_{124}+ x_{9}x_{53}x_{98}x_{111}+ \nonumber \\ & x_{9}x_{53}x_{65}x_{111}+ x_{9}x_{53}x_{55}x_{111}+ x_{9}x_{52}+ x_{9}x_{52}x_{112}x_{124}+ x_{9}x_{52}x_{110}x_{124}+ \nonumber \\ & x_{9}x_{52}x_{98}x_{112}+ x_{9}x_{52}x_{98}x_{110}+ x_{9}x_{52}x_{65}x_{112}+ x_{9}x_{52}x_{65}x_{110}+ x_{9}x_{52}x_{55}x_{112}+ \nonumber \\ & x_{9}x_{52}x_{55}x_{110}+ x_{9}x_{52}x_{53}x_{124}+ x_{9}x_{52}x_{53}x_{98}+ x_{9}x_{52}x_{53}x_{65}+ x_{9}x_{52}x_{53}x_{55}+ \nonumber \\ & x_{9}x_{51}x_{124}+ x_{9}x_{51}x_{111}x_{124}+ x_{9}x_{51}x_{98}+ x_{9}x_{51}x_{98}x_{111}+ x_{9}x_{51}x_{65}+ x_{9}x_{51}x_{65}x_{111}+ \nonumber \\ & x_{9}x_{51}x_{55}+ x_{9}x_{51}x_{55}x_{111}+ x_{9}x_{51}x_{52}x_{124}+ x_{9}x_{51}x_{52}x_{98}+ x_{9}x_{51}x_{52}x_{65}+ \nonumber \\ & x_{9}x_{51}x_{52}x_{55}+ x_{9}x_{46}x_{124}+ x_{9}x_{46}x_{98}+ x_{9}x_{46}x_{65}+ x_{9}x_{46}x_{55}+ x_{9}x_{39}x_{125}+ \nonumber \\ & x_{9}x_{39}x_{113}+ x_{9}x_{39}x_{111}x_{112}+ x_{9}x_{39}x_{110}+ x_{9}x_{39}x_{110}x_{111}+ x_{9}x_{39}x_{105}+ x_{9}x_{39}x_{92}+ \nonumber \\ & x_{9}x_{39}x_{91}+ x_{9}x_{39}x_{90}x_{91}+ x_{9}x_{39}x_{89}x_{90}+ x_{9}x_{39}x_{86}+ x_{9}x_{39}x_{85}+ x_{9}x_{39}x_{77}+ \nonumber \\ & x_{9}x_{39}x_{76}+ x_{9}x_{39}x_{66}+ x_{9}x_{39}x_{65}+ x_{9}x_{39}x_{64}+ x_{9}x_{39}x_{63}+ x_{9}x_{39}x_{62}+ x_{9}x_{39}x_{61}x_{62}+ \nonumber \\ & x_{9}x_{39}x_{60}x_{61}+ x_{9}x_{39}x_{56}+ x_{9}x_{39}x_{54}+ x_{9}x_{39}x_{53}x_{111}+ x_{9}x_{39}x_{52}x_{112}+ x_{9}x_{39}x_{52}x_{110}+ \nonumber \\ & x_{9}x_{39}x_{52}x_{53}+ x_{9}x_{39}x_{51}+ x_{9}x_{39}x_{51}x_{111}+ x_{9}x_{39}x_{51}x_{52}+ x_{9}x_{39}x_{46}+ x_{9}x_{38}+ \nonumber \\ & x_{9}x_{35}x_{124}+ x_{9}x_{35}x_{98}+ x_{9}x_{35}x_{65}+ x_{9}x_{35}x_{55}+ x_{9}x_{35}x_{39}+ x_{9}x_{30}+ x_{9}x_{27}x_{124}+ \nonumber \\ & x_{9}x_{27}x_{98}+ x_{9}x_{27}x_{65}+ x_{9}x_{27}x_{55}+ x_{9}x_{27}x_{39}+ x_{9}x_{26}x_{124}+ x_{9}x_{26}x_{98}+ x_{9}x_{26}x_{65}+ \nonumber \\ & x_{9}x_{26}x_{55}+ x_{9}x_{26}x_{39}+ x_{9}x_{21}+ x_{9}x_{20}+ x_{9}x_{18}x_{124}+ x_{9}x_{18}x_{98}+ x_{9}x_{18}x_{65}+ \nonumber \\ & x_{9}x_{18}x_{55}+ x_{9}x_{18}x_{39}+ x_{9}x_{17}x_{124}+ x_{9}x_{17}x_{98}+ x_{9}x_{17}x_{65}+ x_{9}x_{17}x_{55}+ x_{9}x_{17}x_{39}+ \nonumber \\ & x_{9}x_{11}+ x_{8}x_{124}+ x_{8}x_{98}+ x_{8}x_{68}x_{124}+ x_{8}x_{68}x_{98}+ x_{8}x_{65}+ x_{8}x_{65}x_{68}+ x_{8}x_{55}+ \nonumber \\ & x_{8}x_{55}x_{68}+ x_{8}x_{39}+ x_{8}x_{39}x_{68}+ x_{8}x_{9}x_{124}+ x_{8}x_{9}x_{98}+ x_{8}x_{9}x_{65}+ x_{8}x_{9}x_{55}+ x_{8}x_{9}x_{39}+ \nonumber \\ & x_{7}+ x_{7}x_{124}+ x_{7}x_{98}+ x_{7}x_{68}x_{124}+ x_{7}x_{68}x_{98}+ x_{7}x_{65}+ x_{7}x_{65}x_{68}+ x_{7}x_{55}+ x_{7}x_{55}x_{68}+ \nonumber \\ & x_{7}x_{39}+ x_{7}x_{39}x_{68}+ x_{7}x_{9}x_{124}+ x_{7}x_{9}x_{98}+ x_{7}x_{9}x_{65}+ x_{7}x_{9}x_{55}+ x_{7}x_{9}x_{39}+ x_{6}+ \nonumber \\ & x_{5}x_{95}+ x_{5}x_{36}. \end{aligned}$$
(8)

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fan, H., Hao, Y., Wang, Q., Gong, X., Jiao, L. (2023). Key Filtering in Cube Attacks from the Implementation Aspect. In: Deng, J., Kolesnikov, V., Schwarzmann, A.A. (eds) Cryptology and Network Security. CANS 2023. Lecture Notes in Computer Science, vol 14342. Springer, Singapore. https://doi.org/10.1007/978-981-99-7563-1_14

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7563-1_14

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7562-4

  • Online ISBN: 978-981-99-7563-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation